
From nobody Wed Jun 19 05:14:20 2019
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "spencerdawkins.ietf@gmail.com" <spencerdawkins.ietf@gmail.com>
CC: "hip-chairs@ietf.org" <hip-chairs@ietf.org>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] Spencer Dawkins' No Objection on draft-ietf-hip-dex-06: (with COMMENT)
Thread-Index: AQHT8Wc4FFWPP87M/E2KPx4iMJUVTKalTioA
Date: Wed, 19 Jun 2019 12:14:05 +0000
Message-ID: <7934deefa772f778146bc401006c5635afdfaf75.camel@ericsson.com>
References: <152695036709.7650.1412062169882723188.idtracker@ietfa.amsl.com>
In-Reply-To: <152695036709.7650.1412062169882723188.idtracker@ietfa.amsl.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <ABF66D1F23076541A874A502186B20D9@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/iMJCSvOpWKXbwbjQ0KahPKrZoLs>
Subject: Re: [Hipsec] Spencer Dawkins' No Objection on draft-ietf-hip-dex-06: (with COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2019 12:14:19 -0000


From nobody Mon Jun 24 03:30:37 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F77D120090; Mon, 24 Jun 2019 03:30:30 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: hipsec@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: hipsec@ietf.org
Message-ID: <156137223044.17522.10317737729455247082@ietfa.amsl.com>
Date: Mon, 24 Jun 2019 03:30:30 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/rtz0Ytw3ZFyJMd0xDAXKuJaGHtw>
Subject: [Hipsec] I-D Action: draft-ietf-hip-dex-08.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 10:30:31 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol WG of the IETF.

        Title           : HIP Diet EXchange (DEX)
        Authors         : Robert Moskowitz
                          Rene Hummen
                          Miika Komu
        Filename        : draft-ietf-hip-dex-08.txt
        Pages           : 50
        Date            : 2019-06-24

Abstract:
   This document specifies the Host Identity Protocol Diet EXchange (HIP
   DEX), a variant of the Host Identity Protocol Version 2 (HIPv2).  The
   HIP DEX protocol design aims at reducing the overhead of the employed
   cryptographic primitives by omitting public-key signatures and hash
   functions.

   The HIP DEX protocol is primarily designed for computation or memory-
   constrained sensor/actuator devices.  Like HIPv2, it is expected to
   be used together with a suitable security protocol such as the
   Encapsulated Security Payload (ESP) for the protection of upper layer
   protocol data.  In addition, HIP DEX can also be used as a keying
   mechanism for security primitives at the MAC layer, e.g., for IEEE
   802.15.4 networks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-dex/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-hip-dex-08
https://datatracker.ietf.org/doc/html/draft-ietf-hip-dex-08

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-dex-08


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Jun 26 05:27:31 2019
Return-Path: <ietf@kuehlewind.net>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <7934deefa772f778146bc401006c5635afdfaf75.camel@ericsson.com>
Date: Wed, 26 Jun 2019 14:27:17 +0200
Cc: "iesg@ietf.org" <iesg@ietf.org>, "spencerdawkins.ietf@gmail.com" <spencerdawkins.ietf@gmail.com>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4B08DCA9-B1B1-4EAF-9A7A-04DE2C6600A2@kuehlewind.net>
References: <152695036709.7650.1412062169882723188.idtracker@ietfa.amsl.com> <7934deefa772f778146bc401006c5635afdfaf75.camel@ericsson.com>
To: Miika Komu <miika.komu@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/NNBVjhUhJcmnsTyBq1yVrJwXXug>
Subject: Re: [Hipsec] Spencer Dawkins' No Objection on draft-ietf-hip-dex-06: (with COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 12:27:24 -0000

Hi Miika,

Thanks for addressing these comments. Spencer is not serving in the AD
role anymore, so I had a quick look at your feedback and believe this
all looks good!

Regarding the question about SHOULDs: I don’t think it is necessary to
go back and compare to RFC7401, however, a less time consuming effort
could be to grab for all SHOULDs and shoulds and double-check if a)
normative or non normative language should be used and b) if any
clarification can or should be added to why this is a SHOULD and not a
MUST. However I leave it to you (and the responsible AD) to make the
final decision here!

Mirja

> On 19. Jun 2019, at 14:14, Miika Komu <miika.komu@ericsson.com> wrote:
>
> Hi,
>
> On Mon, 2018-05-21 at 17:52 -0700, Spencer Dawkins wrote:
>> Spencer Dawkins has entered the following ballot position for
>> draft-ietf-hip-dex-06: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>> Please refer to
>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-hip-dex/
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> I'm not an expert on what people expect about security, but I'm
>> wondering if there's a little too much distance between this text in
>> the Abstract,
>>
>>   This document specifies the Host Identity Protocol Diet EXchange (HIP
>>   DEX), a variant of the Host Identity Protocol Version 2 (HIPv2).  The
>>   HIP DEX protocol design aims at reducing the overhead of the employed
>>   cryptographic primitives by omitting public-key signatures and hash
>>   functions.  In doing so, the main goal is to still deliver similar
>>   security properties to HIPv2.
>>
>> and this text in the Introduction,
>>
>>   The main differences between HIP BEX and HIP DEX are:
>>
>> (snip)
>>
>>   2.  HIP DEX forfeits the HIPv2 Perfect Forward Secrecy property of
>>       HIPv2 due to the removal of the ephemeral Diffie-Hellman key
>>       agreement.
>>
>> Would the average reader consider "no PFS" to be similar to PFS?
>> (Please note that I'm not questioning the choice made in DEX, only
>> the way that choice is described in the Abstract)
>
> I agree that "similar" is very ambiguous. I have removed the sentence
> "In doing so, the main goal is to still deliver similar security
> properties to HIPv2" from the abstract (as suggested offline by Eric
> Vyncke). I hope this resolves your comment?
>
>> I'm curious about whether a couple of other differences named in the
>> Introduction would also qualify as similar, but let's start with PFS.
>>
>> I'm also curious about whether
>>
>> 1.1.  The HIP Diet EXchange (DEX)
>>
>> (snip)
>>
>>   HIP DEX does not have the option to encrypt the Host Identity of the
>>   Initiator in the 3rd packet.  The Responder's Host Identity also is
>>   not protected.  Thus, contrary to HIPv2, HIP DEX does not provide for
>>   end-point anonymity and any signaling that indicates such anonymity
>>   should be ignored.
>>
>> qualifies as "similar", but I don't have a good sense of how much
>> this matters in current and expected HIP deployments.
>
> the sentence has been removed from the abstract, I hope this point is
> also moot now.
>
>> I'm hardly the smart one about this, but is
>>
>>   o  HIP DEX lacks the Perfect Forward Secrecy (PFS) property of HIPv2.
>>      Consequently, if an HI is compromised, all HIP connections
>>      protected with that HI are compromised.
>>
>> correct? I was expecting to see something like "if an HI is
>> compromised, all previous HIP connections protected with that HI are
>> compromised".
>
> you are correct, fixed.
>
>> The version of this draft I'm reviewing has 57 occurrences of the word
>> "should". I'm not seeing very many cases where the surrounding text
>> explains why an implementation would not do what it SHOULD do, and I'm
>> not seeing many cases where the surrounding text explains what the peer
>> implementation should do, if the other endpoint doesn't do what it
>> SHOULD do, although many of those cases might be captured in the state
>> diagrams in the document.
>
> many of the SHOULDs are inherited from the text in RFC7401. If you
> really want to, I can do a side by side comparison and check which ones
> are really new, and then improve the new ones? With my current
> priorities at work, this will unfortunately take a lot of time. Another
> way to resolve your comment is to add some general statement about the
> SHOULDs in the specification.
>
>> In this text,
>>
>>   By eliminating the need for public-key signatures and the ephemeral
>>   DH key agreement, HIP DEX reduces the computation, energy,
>>                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>   transmission, and memory requirements for public-key cryptography
>>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>   (see [LN08]) in the HIPv2 protocol design.  Moreover, by dropping the
>>   cryptographic hash function, HIP DEX affords a more efficient
>>                                        ^^^^^^^^^^^^^^^^^^^^^^^^
>>   protocol implementation than HIP BEX with respect to the
>>   ^^^^^^^^^^^^^^^^^^^^^^^
>>   corresponding computation and memory requirements.
>>
>> is "efficient" the right word, in the second sentence? This seems to
>> mirror that "reducing requirements" effect from the first sentence -
>> I'd assume that if you were comparing efficiencies, you'd be comparing
>> two things with equivalent functionality.
>
> I removed the second sentence (I think it was a bit redundant anyways).
> I hope this resolves your comment.
>
> I also changed "computation" to "computational".
>
>> I'm sure I'm not reading this correctly, but in this text
>>
>>   In the second case, the HIP DEX implementation (Responder) inspects
>>   the Initiator's HIT on reception of an I1 packet.  If the OGA ID
>>   field of this HIT does not indicate the HIP DEX HIT Suite ID, the HIP
>>   DEX implementation cancels the handshake and sends an ICMP packet
>>   with type Parameter Problem, with the Pointer pointing to the source
>>   HIT, to the Initiator.  As an adversary could also send such an ICMP
>>   packet in a man-in-the-middle attack with the aim to prevent the HIP
>>               ^^^^^^^^^^^^^^^^^
>>   DEX handshake from completing, the Initiator SHOULD NOT react to an
>>   ICMP message after sending the I1 until a reasonable delta time to
>>   get the real Responder's R1 HIP packet.
>>
>> I would have thought that this was a good plan to defend against an
>> off-path attacker, because ICMP is helpfully unauthenticated, and if
>> you were on-path (so, man-in-the-middle), you'd probably be doing
>> things that were much more aggressive (like trying to impersonate the
>> other end). Am I getting this wrong?
>
> I agree, off-path attacker is more relevant here. Changed the text as
> follows:
>
> As an off-path adversary could also send such
>   an ICMP packet with the aim to prevent the HIP DEX handshake from
>   completing, the Initiator SHOULD NOT react to an ICMP message before
>   retransmission counter reaches I1_RETRIES_MAX in its state machine
>   (see Table 3 in [RFC7401]).
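
The revised text quoted at the end of this message makes the Initiator hold an ICMP Parameter Problem until its I1 retransmission counter reaches I1_RETRIES_MAX. The following is an added example, not code from the draft, RFC 7401 or any HIP implementation, that models only the I1-to-R1 leg of the Initiator and compares that rule with reacting at once. The event names, the `defer_icmp` switch, the `reason` strings and the value 3 for `i1_retries_max` are assumptions made for illustration.

```python
from enum import Enum


class State(Enum):
    UNASSOCIATED = "UNASSOCIATED"
    I1_SENT = "I1-SENT"
    I2_SENT = "I2-SENT"
    E_FAILED = "E-FAILED"


class Initiator:
    """Simplified Initiator: covers only the wait between I1 and R1."""

    def __init__(self, i1_retries_max=3, defer_icmp=True):
        self.i1_retries_max = i1_retries_max  # assumed value, not from the draft
        self.defer_icmp = defer_icmp          # False models reacting at once
        self.state = State.UNASSOCIATED
        self.retries = 0                      # I1 retransmissions so far
        self.icmp_pending = False             # unauthenticated hint, held back
        self.reason = None

    def start(self):
        self.state = State.I1_SENT            # the first I1 is sent here

    def _fail(self, reason):
        self.state, self.reason = State.E_FAILED, reason

    def _react_if_due(self):
        # ICMP carries no authentication, so it is only acted on once the
        # retransmission counter has reached I1_RETRIES_MAX.
        due = not self.defer_icmp or self.retries >= self.i1_retries_max
        if self.icmp_pending and due:
            self._fail("icmp")

    def handle(self, event):
        if self.state is not State.I1_SENT:
            return                            # outside the modelled window
        if event == "r1":                     # R1 from the real Responder
            self.icmp_pending = False
            self.state = State.I2_SENT
        elif event == "icmp":                 # ICMP Parameter Problem seen
            self.icmp_pending = True
            self._react_if_due()
        elif event == "timeout":              # I1 retransmission timer fired
            if self.retries >= self.i1_retries_max:
                self._fail("timeout")
                return
            self.retries += 1                 # retransmit I1
            self._react_if_due()
        else:
            raise ValueError(f"unknown event: {event}")


def run(events, **kwargs):
    """Feed a constructed event trace to a fresh Initiator."""
    ini = Initiator(**kwargs)
    ini.start()
    for event in events:
        ini.handle(event)
    return ini.state, ini.reason


if __name__ == "__main__":
    forged_then_real = ["icmp", "r1"]         # constructed trace
    print("immediate:", run(forged_then_real, defer_icmp=False))
    print("deferred: ", run(forged_then_real))
```

With the constructed trace, the immediate variant ends in E-FAILED on the first ICMP, while the deferring variant reaches I2-SENT because the R1 arrives before the counter runs out.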

